Static task
static1
Behavioral task
behavioral1
Sample
6f6b97aafdc1b2b4972def85fe3bf66c62c670146a363ccab90defca2af1ea20.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
6f6b97aafdc1b2b4972def85fe3bf66c62c670146a363ccab90defca2af1ea20.exe
Resource
win10v2004-20220901-en
General
-
Target
6f6b97aafdc1b2b4972def85fe3bf66c62c670146a363ccab90defca2af1ea20
-
Size
592KB
-
MD5
a0ff3657bab24dd40f935c72007cf2b0
-
SHA1
1a98b72f3fa1c40dfff77ab81a5d5c82611a6406
-
SHA256
6f6b97aafdc1b2b4972def85fe3bf66c62c670146a363ccab90defca2af1ea20
-
SHA512
36a21c9d2d34ac10aaf6d3ac081885eca92c7507b89325e71572a94818cdd9bf76af4a0dd43702c8979183c9e21032d04fcca6edf6e4169dd50adfb44238ae1c
-
SSDEEP
12288:Jek+puZAxlegCnApeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee:JC4AmgCnA (the long run of identical characters in the block hash indicates large regions of repeated content in the file; expect weak ssdeep matching against samples that differ only in that region)
Malware Config
Signatures
Files
-
6f6b97aafdc1b2b4972def85fe3bf66c62c670146a363ccab90defca2af1ea20.exe windows x86
bdde3c4721292a8ff190354fbbfc5889 (32-hex digest, distinct from the file MD5 listed under General — most likely the import hash for this PE; confirm against the report schema before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rasapi32
RasDeleteEntryA
shlwapi
PathFileExistsA
PathIsDirectoryA
SHDeleteKeyA
mfc42
ord2860
ord2614
ord922
ord924
ord538
ord939
ord4278
ord926
ord6055
ord1776
ord5290
ord4424
ord3721
ord567
ord795
ord4275
ord3573
ord3626
ord755
ord2414
ord1641
ord5875
ord470
ord2393
ord2859
ord2379
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord2621
ord1134
ord6883
ord3181
ord4058
ord2781
ord668
ord2770
ord356
ord801
ord4202
ord4277
ord541
ord5683
ord5856
ord6876
ord6143
ord2764
ord4710
ord923
ord925
ord2725
ord665
ord6663
ord1979
ord5442
ord3318
ord5186
ord354
ord6467
ord6930
ord6928
ord6283
ord6282
ord1997
ord5465
ord1980
ord798
ord5194
ord533
ord3178
ord940
ord1146
ord1168
ord2370
ord2302
ord6880
ord4284
ord2864
ord640
ord2405
ord1640
ord323
ord6197
ord6379
ord3089
ord3571
ord3693
ord6172
ord4123
ord3874
ord4133
ord5788
ord4297
ord2754
ord5785
ord3706
ord5782
ord5781
ord5787
ord2567
ord816
ord562
ord5440
ord6383
ord3619
ord4234
ord641
ord324
ord6394
ord5834
ord5450
ord3903
ord823
ord2107
ord2044
ord535
ord537
ord858
ord6877
ord2915
ord5572
ord2818
ord2448
ord2841
ord540
ord860
ord3663
ord4853
ord4376
ord941
ord6199
ord3092
ord6334
ord800
ord2358
ord825
ord3597
ord4425
ord4627
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord5265
ord1176
ord1116
ord1105
ord1575
ord1577
ord1576
msvcrt
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_EH_prolog
_mbsicmp
_stat
fprintf
_mbsnbcpy
_ftol
memmove
strtol
wctomb
_mbsnbcmp
_mbccpy
_mbsstr
sprintf
_mbclen
_mbsncmp
_mbschr
fwrite
fopen
_errno
strerror
fseek
ftell
fread
fclose
atoi
_mbscmp
__CxxFrameHandler
_CxxThrowException
_setmbcp
_controlfp
kernel32
OpenProcess
GetLastError
GetSystemDirectoryA
GetVersion
ReadProcessMemory
CloseHandle
GetSystemDefaultLangID
GetACP
CreateDirectoryA
CreateProcessA
GetModuleFileNameA
DeleteFileA
SetFileAttributesA
Sleep
WaitForSingleObject
SetCurrentDirectoryA
GetWindowsDirectoryA
CopyFileA
RemoveDirectoryA
GetVersionExA
TerminateThread
OutputDebugStringA
TerminateProcess
GetExitCodeProcess
FreeLibrary
GetProcAddress
LoadLibraryA
Process32Next
Process32First
CreateToolhelp32Snapshot
LoadLibraryExA
ReleaseMutex
GetLocalTime
CreateMutexA
GetCurrentThreadId
MulDiv
LocalFree
LocalAlloc
GetModuleHandleA
GetStartupInfoA
lstrlenW
GetCommandLineA
user32
GetPropA
UpdateWindow
CallWindowProcA
GetWindowLongA
GetWindowTextA
GetClassNameA
SystemParametersInfoA
SetWindowLongA
CallNextHookEx
UnhookWindowsHookEx
LoadBitmapA
SetWindowsHookExA
GetWindowRect
SetTimer
LoadIconA
EnumWindows
GetWindowThreadProcessId
SendMessageTimeoutA
RegisterWindowMessageA
PostMessageA
DrawFocusRect
EndDialog
InflateRect
IsWindowVisible
CopyRect
WindowFromDC
GetSysColor
PtInRect
ReleaseCapture
GetMenu
IsWindow
GetDesktopWindow
InvalidateRect
GetActiveWindow
FindWindowA
MessageBoxA
GetDC
GetClientRect
FillRect
EnumChildWindows
EnableWindow
SetPropA
SendMessageA
ShowWindow
GetParent
GetFocus
OffsetRect
SetCapture
GetCapture
gdi32
GetClipRgn
CreateRectRgn
CreateRectRgnIndirect
GetRgnBox
CreateFontA
FillRgn
CombineRgn
BitBlt
RoundRect
CreatePen
SetBkMode
GetStockObject
CreateCompatibleDC
SelectObject
GetObjectA
GetBkColor
DeleteObject
StretchBlt
CreateRoundRectRgn
CreateFontIndirectA
CreateSolidBrush
advapi32
RegDeleteValueA
RegEnumValueA
RegDeleteKeyA
ControlService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
StartServiceA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
shell32
SHGetFolderPathA
SHChangeNotify
SHGetSpecialFolderPathA
ole32
OleInitialize
OleUninitialize
CoInitialize
OleRun
CoUninitialize
CoCreateInstance
oleaut32
VariantInit
VariantClear
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
Sections
.text Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 488KB - Virtual size: 488KB (resource section is flagged CODE/EXECUTE/WRITE per the characteristics below and holds roughly 488KB of the 592KB image; a resource section is normally read-only initialized data, so this is atypical and worth inspecting)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
okrghxo Size: - (no raw size reported) - Virtual size: 4KB (non-standard section name, read/write only, no raw data on disk — note alongside the executable .rsrc section)
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE